Transcription

1 Internet threats: 7 steps to security for your small business

2 Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential in which he is asked to provide tax details on employees. A lawyer loses his phone. What do they all have in common? Their business network security is at risk. And whether your business network consists of a fleet of servers and computers, or simply a laptop and a mobile phone, it, too, can easily be at risk. We see headlines weekly about large, multinational corporations being hacked, but surprisingly it is small businesses that are the most in danger. 60% of targeted attacks in 2014 struck small and medium-size companies. 1 And those hacks can really hurt a small business by compromising critical data, exposing customer information, and costing organizations millions of dollars. The average cost of being hacked as a small business is $36, This amount climbs an additional $8,000 once indirect expenses and damage to reputation are taken into account. 3 Why are small businesses such inviting targets? The simple reason is that they often have less cyber security knowledge and fewer resources, which makes them easier to crack. Small businesses also sometimes serve as vendors to large companies, which may be the hacker s ultimate target. It s no surprise, then, that more and more business owners are seeing network security measures as an essential way to insure their information s safety, just as they take measures to protect from property loss. In fact, Canadian law requires it. The Personal Information Protection and Electronic Documents Act (PIPEDA) requires organizations to devise policies and procedures for protecting personal information. For more information, see the user-friendly guide at Fortunately, just as hackers develop more ingenious methods, so too do experts develop new methods for securing business data. There is no one size fits all solution, because specific needs vary by industry. However, here are some of the most important guidelines to know: 60% of targeted attacks in 2014 struck small and medium-size companies. 1 Shaw Business 7 steps to security for your small business Page 2

3 1. Educate employees Awareness is the best defense. Employees (as well as contractors or vendors who may have access to your network) are often the most vulnerable link in a network security chain. You can have a great network security solution in place, but one employee can directly or accidentally allow an intrusion if not educated properly. Phishing, for example, is a common means of invading a company s network, whereby a hacker masquerades as a trustworthy entity. An employee then clicks on an interesting or seemingly important link in an , and a small piece of malware automatically downloads, with no one the wiser. Another example of targeting employees is a new trend known as CEO fraud or fake president fraud, in which hackers mimic a top executive s address. Therefore, you ll want to inform your employees and contractors about phishing, and perhaps create a policy of double-checking via telephone when significant transactions are requested. Find resources and training for businesses and employees at StaySafeOnline.org ( 2. Step up your password game To protect your business from intrusion it is important to create complex passwords, have a policy of changing a password frequently, and policies for changing passwords with employee departures. With high-quality WiFi, employees are no longer confined to their desks to work while in the office; they can take a mobile device to a colleague s office, to a private space, or to a part of the business located on the other side of the building. With this changing work environment it is important to have separate networks for guests and employees and have passwords for each. A separate network for guests means employees do not have to sacrifice speed or bandwidth during times of heavy client usage. Shaw Business 7 steps to security for your small business Page 3

4 3. Enable security safeguards A firewall, which can be a software program or a piece of hardware, is a filter between a computer network and the Internet. It is the first line of defense that helps to block malware and other invaders. Antivirus software, which is installed on computers and devices, scans computers for malware infections that have reached the system, and cleans them up. Your business needs both, and needs to keep up with any updates or patches issued by the manufacturer. Avoid the temptation to disable a strong firewall because it requires an extra step like reading a pop-up notification or double-checking a web address to access certain sites. Look to managed security solutions that features both firewall and content filtering. 4. Embrace encryption Simply put, encryption is a way of scrambling information (video, words, images) so that they no longer make sense. A key, such as a passcode, is needed to restore the information to its original state. Your provider, computer operating system, and much of the business software your company uses may have built-in encryption options; check with your provider or manufacturer. If not, consider purchasing additional encryption software from a reputable provider. Remember that removable media, such as USB drives, should be encrypted as well. When you send information online, you ll want to make sure the network is secure. You ll know when a site is secure if you see https in the beginning of a web address, with the s at the end noting it s safe and encryption is at work. As a small business, you should obtain an SSL certificate to secure your website so that customers can safely share sensitive information. You can purchase a certificate by contacting your web developer or hosting company. Your hosting company will have to install the certificate on your server, and your web developer will then configure your website to deploy the secure connection. Utilizing an encrypted network is important for any business, but particularly for e-commerce companies and offices that handle highly sensitive client/patient information, such as doctors offices, insurance agencies, or financial firms. Shaw Business 7 steps to security for your small business Page 4

5 5. Be on top of the mobile security Most of us bring our work with us wherever we go, often on personal mobile devices such as a smartphone, laptop or tablet. Remind employees regularly of the potential harm to the business if a device is lost or stolen. At the very least, all employees who use personal devices for work should have unique passcodes that lock those devices. There are also apps that provide a service known as containerization that separates corporate and personal data. Some even allow an IT technician to remotely wipe a device clean should it ever end up lost or stolen. 6. Don t share your business network Offering WiFi to your customers and guests can be a great move, but allowing them to use the same network your company uses is a big mistake. Be sure to ask your WiFi provider about ways to separate your customer-facing network from your business network. This will both alleviate bandwidth concerns and prevent that hacker in the parking lot from gaining access to your business data. Businesses should always ensure that their private WiFi network is encryption-enabled and password-protected. 7. Consider a security solution that leverages the cloud A security system that leverages the cloud offers the advantage of easy access to the latest intelligence from around the world to continuously update its defenses. When data and applications are based in the cloud they are generally safeguarded by large enterprises that have the resources to provide multiple layers of security and backup many more than the average small business could ever afford. If any of the above seems overwhelming or simply too time-consuming for your small business, don t hesitate to call in expert help. Managed security services can handle your business s network security needs so that you don t have to spend time on installation and regular updates. It s never too late, or too early, to start thinking about a network security solution. Regardless of the industry you re in service, retail, professional, and others there s no time like the present to protect your business. Shaw Business 7 steps to security for your small business Page 5

6 Security terms decoded Understand these terms to help you make decisions about security for your business APT (advanced persistent threat) A long-term targeted attack that breaks into a network in multiple phases to avoid detection. Antivirus software Software designed to detect and protect against computer viruses and malware. Data breach When sensitive or confidential data is accessed, copied or stolen by an unauthorized party. authentication Verification, by an server, of the source of any given message. The process protects against spam and scams. Encryption The process of converting data into a unique, unrecognizable code. Firewall A filter between a computer network and the Internet. It is the first line of defense that helps to block malware and other invaders. Firewalls can be implemented in both hardware or software, or a combination of both. Malware Malicious software designed to access or cause harm to a computer or network. Phishing A fraudulent request for sensitive data (like personal information, passwords, etc.) made via . Skimming An attempt to steal credit or bank card information with a card-reading device, known as a skimmer. Secure Sockets Layer (SSL) The standard security technology for creating a link between a web server and web browser, which ensures the information passed between the two remains secure. Ransomware A software code that kidnaps data by encrypting it, then demanding payment for the decryption key. Ransomware can be delivered via links or attachments, or through infected websites. The cloud Increasingly, software (such as Microsoft Office 365) and services (such as data storage) are delivered over the Internet. The data for these services is accessible from anywhere, but physically stored in the cloud, which refers to massive data centers. Shaw Business 7 steps to security for your small business Page 6

7 Cybersecurity by the numbers 71% of all data breaches are waged against companies with less than 100 employees. 4 22% of small businesses say they don t know where to start when it comes to cyber security. 5 83% of small and medium businesses do not have a cyber security plan in place. 6 1 out of 10 people who receive a malicious will click a link in it. 7 Cybercrime costs roughly $400 billion annually across the globe. 8 Shaw Business 7 steps to security for your small business Page 7

8 Is your business protected? Take a moment to consider the following questions Do you keep, record and/or share critical data in the cloud? Do your employees and/or customers use the Internet at your place of business? Do you transmit sensitive information between employees online? Do you transmit sensitive information to customers and/or vendors online? Do you use multiple devices for business activities? Do you and/or your employees travel and use unknown networks? If you answered yes to any of these above questions, your business can benefit from a managed security solution. Shaw Business 7 steps to security for your small business Page 8

9 SmartSecurity by Shaw Business SmartSecurity keeps your business secure so you can focus on growing your business. Advanced threat protection Business grade firewall Content filtering Help protect your business against the latest viruses, malware and malicious hackers - with automatic updates. Permit or deny traffic at the network level. Control types of content that are allowed on your network. Application control Connectivity Cloud managed Control the applications that go in and out of your network. Connects multiple sites securely and allows you or your employees to login to your network securely from anywhere. Cloud-based solution with automatic updates. You can manage it through an easy-to-use online portal or our experts can help manage it for you with 24/7/365 tech support. Learn more about how SmartSecurity can help protect your business. 1: Symantec Internet Security Threat Report The Big Business of Hacking Small Businesses, Inc Magazine, Damage Control: The cost of Security breaches, Kaspernsky Lab into the source, Verizon 2012 Data Breach Report 5. Towergate Insurance, SMEs and Cyberattacks: What You Need to Know NCSA/Symantec National Small Business Study Government of Canada Data Breach Investigations, Verizon 8. Net Losses: Investigating the Global Cost of Cybercrime, McAfee report, June

How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

Protect while you connect. Know the Risks. Protect Yourself. Protect Your Business. GETCYBERSAFE TIPS FOR S MALL AND MEDIUM BUSINESSES If you re like most small or medium businesses in Canada, the Internet

A PROVEN THREAT A TRUSTED SOLUTION MCCANN CYBER SECURITY SOLUTIONS Every day McCann Security helps business decision-makers and stakeholders solve cybersecurity issues and protect their critical data and

Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

Tahoe Tech Group LLC Cyber Security Briefing Truckee Donner Chamber of Commerce March 6, 2015 Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers

Cybersecurity has never been more important Ohioans increasingly use multiple devices to connect to the Internet. From desktop and laptop computers, to smartphones and tablets, we are online more often

WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available

The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

We are a volunteer-based organization that is spreading cyber awareness and creating a cyber first responders unit. We participate in several team-based competitions a year to serve as training and experience

WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

Why you need McAfee Multi Acess PARTNER SERVICES McAfee Multi Access is an online security app that protects all types of devices. All at once. The simple monthly subscription covers up to five devices

How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

Security Statement The security of your accounts and personal information is Sonabank s highest priority. Regardless of your preferred method of banking in person, by telephone or online you need to know

Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security

Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,

Best Practices: Corporate Online Banking Security These Best Practices assume that your organization has a commercially-reasonable security infrastructure in place. These Best Practices are not comprehensive

Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

Security guide small businesses and freelancers Security guide 1 1. Introduction 3. The most dangerous types of threats 5. Will you let us protect you? 2. Where is the danger and how can we protect ourselves?

Web Presence Security Web Presence Security 2 Getting your business online is about reaching out and connecting with millions of potential customers, buyers, and partners. Building a website is the most

End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION Frequently Asked Questions WHAT IS SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION 1? Symantec Endpoint Protection Small Business Edition is built

Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity

MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber

Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA. What is Mobile Security? Mobile security is the protection of both personal and business information stored on and transmitted

White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is

SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright

Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products

A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.

Protect yourself online Connect Smart for Business SME TOOLKIT WELCOME To the Connect Smart for Business: SME Toolkit The innovation of small and medium sized enterprises (SMEs) is a major factor in New

Been in technology for 22 years Westinghouse Senior Manager at Clifton Gunderson-7th largest CPA and consulting firm in the U. S. Partner / Director in Kenneally and Company s technology consulting practice

How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware

WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is

Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you

Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day

is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

Data Loss Prevention in the Enterprise ISYM 525 Information Security Final Paper Written by Keneth R. Rhodes 12-01-09 In today s world data loss happens multiple times a day. Statistics show that there

Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a